Pre-Assessment Exam Flashcards

1
Q

Which prevention and mitigation measures best protect against the impact of a ransomware attack? (Choose two.)

ICMP blocking rules

Alert e-mail notifications

System imaging

Data backups

A

System imaging

Data backups

In the event of a ransomware infection, systems can be quickly returned to an operational state by applying a system image. Frequent data backups enable the restoration of data prior to the ransomware outbreak

2
Q

A company executive complains that her online banking credentials no longer work. After further investigation, you determine that the user clicked a link in a fraudulent e-mail meant to deceive bank customers. Which type of attack occurred?

Tailgating

Hoax

Phishing

A

Phishing

Phishing scams attempt to convince victims to divulge sensitive information such as online banking credentials

3
Q

Which type of attack involves an attacker injecting malicious executable code into a web site page that will be viewed by others?

Buffer overflow

Cross-site request forgery

Cross-site scripting

A

Cross-site scripting

Cross-site scripting attacks result from victims using a web site that a malicious user has injected with malicious code. The victim’s web browser then executes that code. This can result from ineffective web form field input validation

4
Q

A malicious user enters a coffee shop and configures a Wi-Fi hotspot that uses the same name used by the legitimate public Wi-Fi available in the coffee shop. What has the malicious user configured?

MAC spoofing

IP spoofing

Evil twin

A

Evil twin

An evil twin is an additional Wi-Fi network configured by an attacker to appear as an existing legitimate Wi-Fi network, in hopes that unsuspecting users will connect to it

5
Q

What will detect network or host intrusions and take actions to prevent an intrusion from continuing?

IPS

IDS

IPSec

A

IPS

An intrusion prevention system (IPS) actively monitors network or system activity for abnormal activity and can be configured to take steps to stop or contain it. Abnormal activity can be detected by checking for known attack patterns (signature-based) or variations beyond normal activity (anomaly-based)

6
Q

A router must be configured to allow traffic from certain hosts only. How can this be accomplished?

ACL

Subnet

Proxy server

A

ACL

Access control lists (ACLs) are router settings that allow or deny various types of network traffic from or to specific hosts

7
Q

Your company issues smart phones to employees for business use. Corporate policy dictates that all data stored on smart phones must be encrypted. To which fundamental security concept does this apply?

Confidentiality

Integrity

Availability

A

Confidentiality

Confidentiality ensures that data is accessible only to those parties who should be authorized to access the data. Encrypting data stored on smart phones protects that data if the phone is lost or stolen

8
Q

To give a contractor network access quickly, a network administrator adds the contractor account to the Windows Administrators group. Which security principle does this violate?

Separation of duties

Least privilege

Job rotation

A

Least privilege

The least privilege principle states that users should be given only the rights needed to perform their duties and nothing more. Adding a contractor to the Administrators group violates this principle by granting the contractor too much privilege

9
Q

Complex passwords are considered which type of security control?

Management

Technical

Physical

A

Technical

Technical security controls such as complex passwords are used to protect computing resources such as files, web sites, databases, and so on. Complex passwords can help prevent malicious access to IT systems and data

10
Q

An insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?

ALE

ROI

Total cost of ownership

A

ALE

The annual loss expectancy (ALE) value refers to the yearly cost related to the loss of the use of a service or business process. ALE is used with quantitative risk analysis approaches to prioritize and justify expenditures that protect from potential risks. For example, an ALE value of $1000 might justify a $200 annual expense to protect against that risk

11
Q

Which of the following physical access control methods do not normally identify who has entered a secure area? (Choose two.)

Access control vestibule

Hardware locks

Fingerprint scan

Smartcard

A

Access control vestibule

Hardware locks

Access control vestibules are designed to trap trespassers in a restricted area. Some access control vestibule variations use two sets of doors, one of which must close before the second one opens. Traditional access control vestibules do not require access cards. Hardware locks simply require possession of a key. Neither verifies the person’s identity

12
Q

Juanita uses the Firefox web browser on her Linux workstation. She reports that her browser home page keeps changing to web sites offering savings on consumer electronic products. Her virus scanner is running and is up-to-date. What is the most likely cause of the problem?

Juanita is experiencing a denial-of-service attack.

Juanita’s user account has been compromised.

Juanita’s browser configuration is being changed by adware.

A

Juanita’s browser configuration is being changed by adware.

Adware attempts to expose users to advertisements in various ways, including through pop-ups or changing the web browser home page. Spyware often analyzes user habits so that adware displays relevant advertisements. Some antivirus software also scans for spyware, but not in this case

13
Q

Which of the following refers to unauthorized data access of a Bluetooth device over a Bluetooth wireless network?

Bluejacking

Bluesnarfing

Packet sniffing

A

Bluesnarfing

Bluesnarfing is the act of connecting to and accessing data from a device over a Bluetooth wireless connection. It is considered much more invasive than packet sniffing or port scanning

14
Q

The process of disabling unneeded network services on a computer is referred to as what?

Patching

Fuzzing

Hardening

A

Hardening

Hardening includes actions such as disabling unneeded services to make a system more secure

15
Q

How can you best prevent rogue machines from connecting to your network?

Deploy an IEEE 802.1x configuration.

Use strong passwords for user accounts.

Use IPv6.

A

Deploy an IEEE 802.1x configuration.

The IEEE 802.1x standard requires that devices be authenticated before being given network access. For example, it might be configured for VPN appliances, network switches, and wireless access points that adhere to the standard

16
Q

You want to focus and track malicious activity to a particular host in your screened subnet. What should you configure?

Honeynet

Honeypot

Screened subnet tracker

A

Honeypot

A honeypot is an intentionally vulnerable host used to attract and track malicious activity

17
Q

A security auditor must determine which types of servers are running on a network. Which tool or technique is best suited for this task?

OS fingerprinting

Protocol analyzer

Port scanner

A

OS fingerprinting

Network mapping and vulnerability scanning utilities can map a network’s layout and identify operating systems running on hosts using OS fingerprinting. This technique analyzes network packets to and from the host to identify the operating system in use

18
Q

Which type of security testing provides network configuration information to testers?

Known environment

Unknown environment

Partially known environment

A

Known environment

A known environment test provides testers with detailed configuration information regarding the software or network they are testing

19
Q

The web developers at your company are testing their latest web site code before going live to ensure that it is robust and secure. During their testing, they provide malformed URLs with additional abnormal parameters as well as an abundance of random data. Which term describes their actions?

Cross-site scripting

Fuzzing

Patching

A

Fuzzing

Fuzzing is a means of injecting data into an application that it does not expect to ensure that no weaknesses are present in the application

20
Q

Which solution can centrally authenticate users between different organizations?

RADIUS

RADIUS federation

EAP-FAST

A

RADIUS federation

RADIUS federation requires a trusted identity provider in one organization. Edge devices forward authentication requests only to a RADIUS server located on a protected network

21
Q

What can be done to protect data after a handheld device is lost or stolen?

Enable encryption.

Execute a remote wipe.

Enable screen lock.

A

Execute a remote wipe.

Mobile device administrators can configure devices such that sensitive apps and data can be removed remotely, or wiped, if the device is lost or stolen

22
Q

Which firmware solution can store keys used for storage media encryption?

TPM

DLP

EFS

A

TPM

Trusted Platform Module (TPM) chips can store cryptographic keys or certificates used to encrypt and decrypt drive contents. If the drive were moved to another computer (even one with TPM), the drive would remain encrypted and inaccessible

23
Q

Your company has issued Android-based smart phones to select employees. Your manager asks you to harden the phones and ensure that data confidentiality is achieved. How should you address your manager’s concerns while minimizing administrative effort?

Implement SCADA, screen locking, device encryption, and antimalware, and disable unnecessary software on the phones.

Implement PKI VPN authentication certificates, screen locking, and antimalware, and disable unnecessary software on the phones.

Implement screen locking, device encryption, patching, and antimalware, and disable unnecessary software on the phones.

A

Implement screen locking, device encryption, patching, and antimalware, and disable unnecessary software on the phones.

Hardening a smart phone includes configuring automatic screen locking, encrypting data on the device, patching the OS and required apps, installing and updating antimalware, and disabling unnecessary features and software

24
Q

Stored data is referred to as:

Data-in-process

Data-in-transit

Data-at-rest

A

Data-at-rest

Data-at-rest is data stored on media

25
Q

Which term best describes sensitive medical information?

PHI

TLS

PII

A

PHI

Protected health information (PHI) refers to sensitive medical information stored and accessed in a secured manner

26
Q

Which of the following is considered multifactor authentication?

Username/password

Fingerprint scan/retinal scan

Smartcard/PIN

A

Smartcard/PIN

A smartcard constitutes “something you have,” while knowledge of the smartcard PIN constitutes “something you know.” When used together, they are considered multifactor authentication

27
Q

You are evaluating public cloud storage solutions. Users will be authenticated to a local server on your network that will allow them access to cloud storage. Which identity federation standard could be configured to achieve this?

LDAP

PKI

SAML

A

SAML

Security Assertion Markup Language (SAML) is an XML standard that defines how authentication and authorization data can be transmitted in a federated identity environment

28
Q

Which data forensic term encompasses documenting all aspects of evidence to ensure its integrity?

Legal hold

Encryption

Chain of custody

A

Chain of custody

The chain of custody ensures that the whereabouts of evidence can be accounted for at all times, along with who accessed the evidence

29
Q

The Human Resources department in your company has a policy for conducting thorough background checks before hiring new employees. What type of control is this?

Administrative

Least privilege

Technical

A

Administrative

Hiring practices are administrative controls

30
Q

Smartcard

CAC

Hardware token

A

CAC

Common access cards (CAC) grant access to multiple items such as computers and buildings

31
Q

Which cryptographic approach uses points on a curve to define public and private key pairs?

RSA

DES

ECC

A

ECC

Elliptic Curve Cryptography (ECC) is public key cryptography based on points on an elliptic curve

32
Q

Your colleagues report that there is a short time frame in which a revoked certificate can still be used. Why is this?

The CRL is published periodically.

The CRL is published immediately but must replicate to all hosts.

The CRL is dependent on network bandwidth.

A

The CRL is published periodically.

The certificate revocation list (CRL) is not published immediately; it is published either manually or on a schedule, so there may be a small time frame in which revoked certificates can still be used

33
Q

Which type of VPN configuration can use the Internet connection of a VPN client device to access Internet resources as opposed to the VPN-connected network’s Internet connection?

Split tunnel

Full tunnel

IPSec

A

Split tunnel

VPNs with a split tunnel configuration direct traffic for resources available on the other side of the VPN through the VPN tunnel. VPN clients accessing Internet resources will use the VPN client’s Internet connection, hence split tunnel

34
Q

Which standard specifies the syntax used to represent cybersecurity information?

TAXII

XML

STIX

A

STIX

The Structured Threat Information eXpression (STIX) standard defines the syntax used to represent cybersecurity information

35
Q

Which tool enables web page viewing on the dark web?

Tor web browser

VPN client

Google Chrome web browser

A

Tor web browser

The Tor web browser is designed to provide anonymous access to the Internet and the dark web

36
Q

Which type of security tool can reduce incident response time by automating security incident response tasks?

Botnet

IPS

SOAR

A

SOAR

Security Orchestration, Automation, and Response (SOAR) is a software solution designed to make incident response more efficient by reducing response time through automation

37
Q

You are deploying cloud storage for your organization through a public cloud provider. Which type of cloud service model does this apply to?

IaaS

PaaS

XaaS

A

IaaS

Infrastructure as a Service (IaaS) refers to compute, network, and storage services offered in the cloud

38
Q

Which Linux command is used to view log data captured by the systemd daemon?

dd

tcpdump

journalctl

A

journalctl

The Linux journalctl command is used to view systemd logs and includes filtering capabilities such as journalctl -b to view only those log entries related to the most recent system boot (this will show you journal entries that have been collected since the most recent reboot)